Move simulated TPM to own package

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

coordinator/attestation/azure/issuer_test.go

@@ -3,6 +3,7 @@ package azure
 import (
 	"testing"
 
+	"github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -14,7 +15,7 @@ func TestGetSNPAttestation(t *testing.T) {
 		errExpected bool
 	}{
 		"success": {
-			tpmFunc:     vtpm.OpenSimulatedTPM,
+			tpmFunc:     simulator.OpenSimulatedTPM,
 			errExpected: false,
 		},
 	}

coordinator/attestation/azure/validator_test.go

@@ -3,6 +3,7 @@ package azure
 import (
 	"testing"
 
+	"github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 	"github.com/google/go-tpm-tools/client"
 	"github.com/stretchr/testify/assert"
@@ -12,7 +13,7 @@ import (
 func TestTrustedKeyFromSNP(t *testing.T) {
 	require := require.New(t)
 
-	tpm, err := vtpm.OpenSimulatedTPM()
+	tpm, err := simulator.OpenSimulatedTPM()
 	require.NoError(err)
 	defer tpm.Close()
 	key, err := client.AttestationKeyRSA(tpm)

coordinator/attestation/simulator/simulator.go

@@ -0,0 +1,40 @@
+package simulator
+
+import (
+	"io"
+
+	"github.com/google/go-tpm-tools/simulator"
+)
+
+// OpenSimulatedTPM returns a simulated TPM device.
+func OpenSimulatedTPM() (io.ReadWriteCloser, error) {
+	return simulator.Get()
+}
+
+// NewSimulatedTPMOpenFunc returns a TPMOpenFunc that opens a simulated TPM.
+func NewSimulatedTPMOpenFunc() (func() (io.ReadWriteCloser, error), io.Closer) {
+	tpm, err := OpenSimulatedTPM()
+	if err != nil {
+		panic(err)
+	}
+	return func() (io.ReadWriteCloser, error) {
+		return &simulatedTPM{tpm}, nil
+	}, tpm
+}
+
+type simulatedTPM struct {
+	openSimulatedTPM io.ReadWriteCloser
+}
+
+func (t *simulatedTPM) Read(p []byte) (int, error) {
+	return t.openSimulatedTPM.Read(p)
+}
+
+func (t *simulatedTPM) Write(p []byte) (int, error) {
+	return t.openSimulatedTPM.Write(p)
+}
+
+func (t *simulatedTPM) Close() error {
+	// never close the underlying simulated TPM to allow calling the TPMOpenFunc again
+	return nil
+}

coordinator/attestation/vtpm/attestation_test.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"testing"
 
+	tpmsim "github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	tpmclient "github.com/google/go-tpm-tools/client"
 	"github.com/google/go-tpm-tools/proto/attest"
 	"github.com/google/go-tpm-tools/proto/tpm"
@@ -332,18 +333,18 @@ func TestGetSelectedPCRs(t *testing.T) {
 			errExpected: true,
 		},
 		"3 PCRs": {
-			openFunc: OpenSimulatedTPM,
+			openFunc: tpmsim.OpenSimulatedTPM,
 			pcrSelection: tpm2.PCRSelection{
 				Hash: tpm2.AlgSHA256,
 				PCRs: []int{0, 1, 2},
 			},
 		},
 		"Azure PCRS": {
-			openFunc:     OpenSimulatedTPM,
+			openFunc:     tpmsim.OpenSimulatedTPM,
 			pcrSelection: AzurePCRSelection,
 		},
 		"GCP PCRs": {
-			openFunc:     OpenSimulatedTPM,
+			openFunc:     tpmsim.OpenSimulatedTPM,
 			pcrSelection: GCPPCRSelection,
 		},
 	}

coordinator/attestation/vtpm/initialize_test.go

@@ -5,6 +5,7 @@ import (
 	"io"
 	"testing"
 
+	"github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	"github.com/google/go-tpm-tools/client"
 	"github.com/google/go-tpm/tpm2"
 	"github.com/stretchr/testify/assert"
@@ -24,7 +25,7 @@ func TestMarkNodeAsInitialized(t *testing.T) {
 	assert := assert.New(t)
 	require := require.New(t)
 
-	tpm, err := OpenSimulatedTPM()
+	tpm, err := simulator.OpenSimulatedTPM()
 	require.NoError(err)
 	defer tpm.Close()
 	pcrs, err := client.ReadAllPCRs(tpm)
@@ -76,7 +77,7 @@ func TestIsNodeInitialized(t *testing.T) {
 		t.Run(name, func(t *testing.T) {
 			assert := require.New(t)
 			require := require.New(t)
-			tpm, err := OpenSimulatedTPM()
+			tpm, err := simulator.OpenSimulatedTPM()
 			require.NoError(err)
 			defer tpm.Close()
 			if tc.pcrValueOwnerID != nil {

coordinator/attestation/vtpm/vtpm.go

@@ -3,7 +3,6 @@ package vtpm
 import (
 	"io"
 
-	"github.com/google/go-tpm-tools/simulator"
 	"github.com/google/go-tpm/tpm2"
 )
 
@@ -20,11 +19,6 @@ func OpenVTPM() (io.ReadWriteCloser, error) {
 	return tpm2.OpenTPM(tpmPath)
 }
 
-// OpenSimulatedTPM returns a simulated TPM device.
-func OpenSimulatedTPM() (io.ReadWriteCloser, error) {
-	return simulator.Get()
-}
-
 type nopTPM struct{}
 
 // OpenNOPTPM returns a NOP io.ReadWriteCloser that can be used as a TPM.
@@ -43,31 +37,3 @@ func (t nopTPM) Write(p []byte) (int, error) {
 func (t nopTPM) Close() error {
 	return nil
 }
-
-type simulatedTPM struct {
-	openSimulatedTPM io.ReadWriteCloser
-}
-
-// NewSimulatedTPMOpenFunc returns a TPMOpenFunc that opens a simulated TPM.
-func NewSimulatedTPMOpenFunc() (TPMOpenFunc, io.Closer) {
-	tpm, err := OpenSimulatedTPM()
-	if err != nil {
-		panic(err)
-	}
-	return func() (io.ReadWriteCloser, error) {
-		return &simulatedTPM{tpm}, nil
-	}, tpm
-}
-
-func (t *simulatedTPM) Read(p []byte) (int, error) {
-	return t.openSimulatedTPM.Read(p)
-}
-
-func (t *simulatedTPM) Write(p []byte) (int, error) {
-	return t.openSimulatedTPM.Write(p)
-}
-
-func (t *simulatedTPM) Close() error {
-	// never close the underlying simulated TPM to allow calling the TPMOpenFunc again
-	return nil
-}

coordinator/cmd/coordinator/main.go

@@ -12,6 +12,7 @@ import (
 	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/coordinator/attestation/azure"
 	"github.com/edgelesssys/constellation/coordinator/attestation/gcp"
+	"github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 	azurecloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/azure"
 	gcpcloud "github.com/edgelesssys/constellation/coordinator/cloudprovider/gcp"
@@ -146,7 +147,7 @@ func main() {
 		etcdEndpoint = "etcd-storage:2379"
 		enforceEtcdTls = false
 		var simulatedTPMCloser io.Closer
-		openTPM, simulatedTPMCloser = vtpm.NewSimulatedTPMOpenFunc()
+		openTPM, simulatedTPMCloser = simulator.NewSimulatedTPMOpenFunc()
 		defer simulatedTPMCloser.Close()
 		fs = afero.NewMemMapFs()
 	}

coordinator/coordinator_test.go

@@ -10,7 +10,7 @@ import (
 
 	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/coordinator/atls"
-	"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
+	"github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	"github.com/edgelesssys/constellation/coordinator/core"
 	"github.com/edgelesssys/constellation/coordinator/kms"
 	"github.com/edgelesssys/constellation/coordinator/peer"
@@ -202,7 +202,7 @@ func TestConcurrent(t *testing.T) {
 
 func spawnPeer(require *require.Assertions, logger *zap.Logger, dialer *testdialer.BufconnDialer, netw *network, endpoint string) (*grpc.Server, *pubapi.API, *fakeVPN) {
 	vpn := newVPN(netw, endpoint)
-	cor, err := core.NewCore(vpn, &core.ClusterFake{}, &core.ProviderMetadataFake{}, &core.CloudControllerManagerFake{}, &core.CloudNodeManagerFake{}, &core.ClusterAutoscalerFake{}, &core.EncryptedDiskFake{}, logger, vtpm.OpenSimulatedTPM, fakeStoreFactory{}, file.NewHandler(afero.NewMemMapFs()))
+	cor, err := core.NewCore(vpn, &core.ClusterFake{}, &core.ProviderMetadataFake{}, &core.CloudControllerManagerFake{}, &core.CloudNodeManagerFake{}, &core.ClusterAutoscalerFake{}, &core.EncryptedDiskFake{}, logger, simulator.OpenSimulatedTPM, fakeStoreFactory{}, file.NewHandler(afero.NewMemMapFs()))
 	require.NoError(err)
 	require.NoError(cor.AdvanceState(state.AcceptingInit, nil, nil))
 

coordinator/core/cluster_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 
 	"github.com/edgelesssys/constellation/cli/file"
-	"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
+	"github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	"github.com/edgelesssys/constellation/coordinator/kubernetes"
 	"github.com/edgelesssys/constellation/coordinator/kubernetes/k8sapi/resources"
 	"github.com/spf13/afero"
@@ -169,7 +169,7 @@ func TestInitCluster(t *testing.T) {
 
 			zapLogger, err := zap.NewDevelopment()
 			require.NoError(err)
-			core, err := NewCore(&stubVPN{}, &tc.cluster, &tc.metadata, &tc.cloudControllerManager, &tc.cloudNodeManager, &tc.clusterAutoscaler, nil, zapLogger, vtpm.OpenSimulatedTPM, nil, file.NewHandler(afero.NewMemMapFs()))
+			core, err := NewCore(&stubVPN{}, &tc.cluster, &tc.metadata, &tc.cloudControllerManager, &tc.cloudNodeManager, &tc.clusterAutoscaler, nil, zapLogger, simulator.OpenSimulatedTPM, nil, file.NewHandler(afero.NewMemMapFs()))
 			require.NoError(err)
 
 			kubeconfig, err := core.InitCluster(tc.autoscalingNodeGroups, "cloud-service-account-uri")
@@ -284,7 +284,7 @@ func TestJoinCluster(t *testing.T) {
 
 			zapLogger, err := zap.NewDevelopment()
 			require.NoError(err)
-			core, err := NewCore(&tc.vpn, &tc.cluster, &tc.metadata, &tc.cloudControllerManager, &tc.cloudNodeManager, &tc.clusterAutoscaler, nil, zapLogger, vtpm.OpenSimulatedTPM, nil, file.NewHandler(afero.NewMemMapFs()))
+			core, err := NewCore(&tc.vpn, &tc.cluster, &tc.metadata, &tc.cloudControllerManager, &tc.cloudNodeManager, &tc.clusterAutoscaler, nil, zapLogger, simulator.OpenSimulatedTPM, nil, file.NewHandler(afero.NewMemMapFs()))
 			require.NoError(err)
 
 			joinReq := kubeadm.BootstrapTokenDiscovery{

coordinator/core/core_test.go

@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"github.com/edgelesssys/constellation/cli/file"
+	"github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
 	"github.com/edgelesssys/constellation/coordinator/nodestate"
 	"github.com/edgelesssys/constellation/coordinator/role"
@@ -195,7 +196,7 @@ func TestInitialize(t *testing.T) {
 			assert := assert.New(t)
 			require := require.New(t)
 
-			openTPM, simulatedTPMCloser := vtpm.NewSimulatedTPMOpenFunc()
+			openTPM, simulatedTPMCloser := simulator.NewSimulatedTPMOpenFunc()
 			defer simulatedTPMCloser.Close()
 			if tc.initializePCRs {
 				require.NoError(vtpm.MarkNodeAsInitialized(openTPM, []byte{0x0, 0x1, 0x2, 0x3}, []byte{0x4, 0x5, 0x6, 0x7}))

coordinator/core/legacy_test.go

@@ -11,7 +11,7 @@ import (
 
 	"github.com/edgelesssys/constellation/cli/file"
 	"github.com/edgelesssys/constellation/coordinator/atls"
-	"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
+	"github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	"github.com/edgelesssys/constellation/coordinator/kms"
 	"github.com/edgelesssys/constellation/coordinator/pubapi"
 	"github.com/edgelesssys/constellation/coordinator/pubapi/pubproto"
@@ -136,7 +136,7 @@ func newMockCoreWithDialer(dialer *bufconnDialer) (*Core, *pubapi.API, error) {
 	getPublicAddr := func() (string, error) {
 		return "192.0.2.1", nil
 	}
-	core, err := NewCore(vpn, kubeFake, metadataFake, ccmFake, cnmFake, autoscalerFake, encryptedDiskFake, zapLogger, vtpm.OpenSimulatedTPM, &fakeStoreFactory{}, file.NewHandler(afero.NewMemMapFs()))
+	core, err := NewCore(vpn, kubeFake, metadataFake, ccmFake, cnmFake, autoscalerFake, encryptedDiskFake, zapLogger, simulator.OpenSimulatedTPM, &fakeStoreFactory{}, file.NewHandler(afero.NewMemMapFs()))
 	if err != nil {
 		return nil, nil, err
 	}

coordinator/core/state_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 
 	"github.com/edgelesssys/constellation/cli/file"
-	"github.com/edgelesssys/constellation/coordinator/attestation/vtpm"
+	"github.com/edgelesssys/constellation/coordinator/attestation/simulator"
 	"github.com/edgelesssys/constellation/coordinator/state"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
@@ -62,7 +62,7 @@ func TestAdvanceState(t *testing.T) {
 				if tc.openTPMErr != nil {
 					return nil, tc.openTPMErr
 				}
-				return vtpm.OpenSimulatedTPM()
+				return simulator.OpenSimulatedTPM()
 			}
 
 			core, err := NewCore(&stubVPN{}, nil, nil, nil, nil, nil, nil, zaptest.NewLogger(t), openTPM, nil, file.NewHandler(afero.NewMemMapFs()))